diff --git a/include/mbedtls/quic.h b/include/mbedtls/quic.h
index 13a380391e1c..08e194827647 100644
--- a/include/mbedtls/quic.h
+++ b/include/mbedtls/quic.h
@@ -11,7 +11,7 @@ extern "C" {
 #endif
 typedef struct mbedtls_ssl_context mbedtls_ssl_context;
-typedef struct mbedtls_ssl_ticket mbedtls_ssl_ticket;
+typedef struct mbedtls_ssl_session mbedtls_ssl_session;
 typedef struct mbedtls_quic_input mbedtls_quic_input;
 typedef struct quic_input_msg quic_input_msg;
 typedef struct quic_input_queue quic_input_queue;
@@ -176,7 +176,7 @@ typedef int mbedtls_quic_send_alert_t(
 */
 typedef void mbedtls_quic_process_new_session_t(
 void *param,
- mbedtls_ssl_ticket *session_ticket);
+ mbedtls_ssl_session *session_ticket);
 /**
 * \brief QUIC method callbacks.
 */
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index b2b69a670b8a..4c5b6f2a4f67 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -1879,6 +1879,14 @@ int mbedtls_ssl_double_retransmit_timeout( mbedtls_ssl_context *ssl );
 void mbedtls_ssl_reset_retransmit_timeout( mbedtls_ssl_context *ssl );
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
+
+#if defined(MBEDTLS_SSL_PROTO_QUIC)
+int mbedtls_set_quic_traffic_key(mbedtls_ssl_context *ssl, mbedtls_ssl_crypto_level level);
+/* Shared implementation for the QUIC transport params setting */
+int ssl_set_quic_transport_params(mbedtls_ssl_context *ssl,
+ const uint8_t *params, size_t len,
+ uint8_t **oparams, size_t *olen);
+#endif
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
 #if defined(MBEDTLS_ECDH_C)
 /**
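Review bot: The callback now receives an `mbedtls_ssl_session *`, but neither the parameter name `session_ticket` nor the doc block that ends just above the typedef says who owns the object; the caller in ssl_tls13_client.c later in this diff heap-allocates the session and never releases it, so ownership passes to the callback. I would add a `\param session_ticket` line to that doc block stating that the session is heap-allocated and must be released by the callee with `mbedtls_ssl_session_free()` followed by `mbedtls_free()`, since session_free clears the members but does not free the struct itself (assuming the usual mbed TLS contract for that function). Renaming the parameter to `session` would also stop the name from suggesting the old ticket type.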
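Review bot: Moving the `MBEDTLS_SSL_PROTO_QUIC` block out from under `MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL` makes these two prototypes visible in any QUIC build, while the definitions in ssl_tls13_generic.c later in this diff appear to still sit under that file's TLS 1.3 guard; if a QUIC-without-TLS1.3 configuration is permitted at all, the mismatch surfaces as a link error rather than a compile error, which is harder to diagnose (the .c file's outer guards are not visible here, so please confirm). The same block is deleted from its old location in the next hunk. Stylistically, `ssl_set_quic_transport_params` and `mbedtls_set_quic_traffic_key` are exported through an internal header without the `mbedtls_ssl_` prefix the neighbouring declarations use, e.g. `mbedtls_ssl_reset_retransmit_timeout`. The comment `/* Shared implementation for the QUIC transport params setting */` could also state the contract the implementation shows: `*oparams` is allocated with `mbedtls_calloc()` and is the caller's to free, and `*olen` is written only on success.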
@@ -2075,11 +2083,4 @@ int mbedtls_ecp_tls_13_write_group( const mbedtls_ecp_group *grp,
 #endif /* MBEDTLS_ECP_C */
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
-#if defined(MBEDTLS_SSL_PROTO_QUIC)
-int mbedtls_set_quic_traffic_key(mbedtls_ssl_context *ssl, mbedtls_ssl_crypto_level level);
-/* Shared implementation for the QUIC transport params setting */
-int ssl_set_quic_transport_params(mbedtls_ssl_context *ssl,
- const uint8_t *params, size_t len,
- uint8_t **oparams, size_t *olen);
-#endif
 #endif /* ssl_internal.h */
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index a75fd6c427a3..b0c4b05d0925 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -3298,8 +3298,8 @@ static int ssl_server_hello_session_id_check( mbedtls_ssl_context* ssl,
 }
 static int ssl_server_hello_parse( mbedtls_ssl_context* ssl,
- const unsigned char* buf,
- size_t buflen )
+ const unsigned char* buf,
+ size_t buflen )
 {
 int ret; /* return value */
@@ -3399,7 +3399,7 @@ static int ssl_server_hello_parse( mbedtls_ssl_context* ssl,
 {
 MBEDTLS_SSL_DEBUG_MSG( 1, ( "ciphersuite info for %04x not found", i ) );
 SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR,
- MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+ MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
 return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
 }
@@ -3412,7 +3412,7 @@ static int ssl_server_hello_parse( mbedtls_ssl_context* ssl,
 {
 MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
 SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR,
- MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
 return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
 }
@@ -3429,12 +3429,12 @@ static int ssl_server_hello_parse( mbedtls_ssl_context* ssl,
 {
 MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
 SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR,
- MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
 return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
 }
 if( ssl->conf->ciphersuite_list[ssl->minor_ver][i++] ==
- ssl->session_negotiate->ciphersuite )
+ ssl->session_negotiate->ciphersuite )
 {
 break;
 }
@@ -3457,7 +3457,7 @@ static int ssl_server_hello_parse( mbedtls_ssl_context* ssl,
 {
 MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
 SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
- MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
 return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
 }
@@ -3469,7 +3469,7 @@ static int ssl_server_hello_parse( mbedtls_ssl_context* ssl,
 {
 MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
 SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
- MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
 return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
 }
@@ -3488,7 +3488,7 @@ static int ssl_server_hello_parse( mbedtls_ssl_context* ssl,
 {
 MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
 SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
- MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+ MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
 return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
 }
@@ -4535,21 +4535,24 @@ int mbedtls_ssl_quic_post_handshake(mbedtls_ssl_context *ssl)
 MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_parse_new_session_ticket", ret);
 return(ret);
 }
- mbedtls_ssl_ticket* ticket = mbedtls_calloc(1, sizeof(mbedtls_ssl_ticket));
- if (ticket == NULL)
+
+ mbedtls_ssl_session* session_ticket = mbedtls_calloc(1, sizeof(mbedtls_ssl_session));
+ if (session_ticket == NULL)
 {
 return (MBEDTLS_ERR_SSL_ALLOC_FAILED);
 }
- if ((mbedtls_ssl_get_client_ticket(ssl, ticket) != 0))
+
+ if( ( ret = mbedtls_ssl_get_session( ssl, session_ticket ) ) != 0 )
 {
- mbedtls_free(ticket->ticket);
- mbedtls_free(ticket);
- return (MBEDTLS_ERR_SSL_INTERNAL_ERROR);
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_get_session", ret);
+ mbedtls_ssl_session_free(session_ticket);
+ return(ret);
 }
+
+ // the ticket will be transfered to and be released by the app
 ssl->quic_method->process_new_session(
 ssl->p_quic_method,
- ticket);
+ session_ticket);
 return (ret);
 }
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 06dda91bea5e..66b6e4f9d5ab 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -2376,6 +2376,7 @@ static int ssl_finished_out_postprocess( mbedtls_ssl_context* ssl )
 if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_QUIC)
 mbedtls_set_quic_traffic_key(ssl, MBEDTLS_SSL_CRYPTO_LEVEL_APPLICATION);
 #endif /* MBEDTLS_SSL_PROTO_QUIC */
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_FLUSH_BUFFERS );
 }
 else
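Review bot: The error path after `mbedtls_ssl_get_session()` leaks the struct it just allocated: `mbedtls_ssl_session_free(session_ticket)` releases the session's members, but the `mbedtls_calloc`'d object itself is never returned, whereas the removed code did free `ticket`. Add `mbedtls_free(session_ticket);` directly after the `mbedtls_ssl_session_free()` call. The new comment also has a typo, `transfered` → `transferred`, and would carry more information as `// ownership of session_ticket passes to the app, which releases it with mbedtls_ssl_session_free() + mbedtls_free()`. mbedtls_ssl_quic_post_handshake begins before this hunk.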
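Review bot: The new `mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_FLUSH_BUFFERS )` advances the handshake even when the `mbedtls_set_quic_traffic_key()` call on the context line above has failed, because that call's `int` result is discarded (pre-existing, but the added transition now makes a failed key installation silent). Guarding it as `if( ( ret = mbedtls_set_quic_traffic_key( ssl, MBEDTLS_SSL_CRYPTO_LEVEL_APPLICATION ) ) != 0 ) return( ret );` would surface the failure, though whether a `ret` local exists in this function cannot be seen from the hunk. ssl_finished_out_postprocess starts and ends outside this hunk.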
@@ -3185,6 +3186,51 @@ int mbedtls_ssl_write_early_data_ext( mbedtls_ssl_context *ssl,
 }
 #endif /* MBEDTLS_ZERO_RTT */
+#if defined(MBEDTLS_SSL_PROTO_QUIC)
+
+/* declared in ssl_internal.h */
+int ssl_set_quic_transport_params(mbedtls_ssl_context *ssl,
+ const uint8_t *params, size_t len,
+ uint8_t **oparams, size_t *olen)
+{
+ if (len > MBEDTLS_QUIC_TRANSPORT_PARAMS_MAX_LEN)
+ {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("ssl_set_quic_transport_params: bad transport_params length"));
+ return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+ }
+
+ if ((*oparams = mbedtls_calloc(1, len)) == NULL)
+ {
+ return MBEDTLS_ERR_SSL_ALLOC_FAILED;
+ }
+
+ memcpy(*oparams, params, len);
+ *olen = len;
+
+ return 0;
+}
+
+int mbedtls_ssl_set_quic_transport_params(mbedtls_ssl_context *ssl,
+ const uint8_t *params, size_t len)
+{
+ // Setting transport params more than once is not expected, but
+ // permitted.
+ mbedtls_free(ssl->quic_transport_params);
+ ssl->quic_transport_params = NULL;
+
+ return ssl_set_quic_transport_params(ssl, params, len,
+ &ssl->quic_transport_params, &ssl->quic_transport_params_len);
+}
+
+void mbedtls_ssl_get_peer_quic_transport_params(mbedtls_ssl_context *ssl,
+ const uint8_t **oparams, size_t *olen)
+{
+ *oparams = (const uint8_t*)(ssl->peer_quic_transport_params);
+ *olen = ssl->peer_quic_transport_params_len;
+}
+
+#endif /* MBEDTLS_SSL_PROTO_QUIC */
+
 #if defined(MBEDTLS_ECDH_C)
 #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
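Review bot: In `mbedtls_ssl_set_quic_transport_params` the old buffer is freed and the pointer nulled, but `ssl->quic_transport_params_len` keeps its previous value, and the shared helper writes `*olen` only after a successful allocation; a second call that fails the length check or the allocation therefore leaves `quic_transport_params == NULL` paired with a stale non-zero length for any later reader of the two fields. Add `ssl->quic_transport_params_len = 0;` next to `ssl->quic_transport_params = NULL;`. Two smaller points in the helper, which this commit only relocates: an over-length `len` is caller input, so `MBEDTLS_ERR_SSL_BAD_INPUT_DATA` describes it better than `MBEDTLS_ERR_SSL_INTERNAL_ERROR`, and `mbedtls_calloc(1, len)` with `len == 0` may return NULL depending on the allocator and then be reported as an allocation failure, so `len == 0` deserves an explicit early path if empty parameters are legal.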
@@ -3569,52 +3615,6 @@ int mbedtls_ecp_tls_13_write_group( const mbedtls_ecp_group *grp, size_t *olen,
 }
 #endif /* MBEDTLS_ECP_C */
-
-#if defined(MBEDTLS_SSL_PROTO_QUIC)
-
-/* declared in ssl_internal.h */
-int ssl_set_quic_transport_params(mbedtls_ssl_context *ssl,
- const uint8_t *params, size_t len,
- uint8_t **oparams, size_t *olen)
-{
- if (len > MBEDTLS_QUIC_TRANSPORT_PARAMS_MAX_LEN)
- {
- MBEDTLS_SSL_DEBUG_MSG(1, ("ssl_set_quic_transport_params: bad transport_params length"));
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- }
-
- if ((*oparams = mbedtls_calloc(1, len)) == NULL)
- {
- return MBEDTLS_ERR_SSL_ALLOC_FAILED;
- }
-
- memcpy(*oparams, params, len);
- *olen = len;
-
- return 0;
-}
-
-int mbedtls_ssl_set_quic_transport_params(mbedtls_ssl_context *ssl,
- const uint8_t *params, size_t len)
-{
- // Setting transport params more than once is not expected, but
- // permitted.
- mbedtls_free(ssl->quic_transport_params);
- ssl->quic_transport_params = NULL;
-
- return ssl_set_quic_transport_params(ssl, params, len,
- &ssl->quic_transport_params, &ssl->quic_transport_params_len);
-}
-
-void mbedtls_ssl_get_peer_quic_transport_params(mbedtls_ssl_context *ssl,
- const uint8_t **oparams, size_t *olen)
-{
- *oparams = (const uint8_t*)(ssl->peer_quic_transport_params);
- *olen = ssl->peer_quic_transport_params_len;
-}
-
-#endif /* MBEDTLS_SSL_PROTO_QUIC */
-
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
 #endif /* MBEDTLS_SSL_TLS_C */